US6718467B1ExpiredUtility

Password based protocol for secure communications

73
Assignee: CISCO TECH INDPriority: Oct 28, 1999Filed: Oct 28, 1999Granted: Apr 6, 2004
Est. expiryOct 28, 2019(expired)· nominal 20-yr term from priority
H04L 9/0844H04L 2209/56
73
PatentIndex Score
82
Cited by
43
References
93
Claims

Abstract

A method for a first participant to establish a shared secret with a second participant, where the first participant and the second participant share a password-based first master key and a hash function includes sending a first message including a first private value for the second participant and a first authenticator for the second participant encrypted with the first master key. The first message also includes a first hashed authenticator for the first participant encrypted with a first shared secret key. The first message also includes a first public value for the first participant. The first participant receives a second message, the second message including the first authenticator for the second participant and a first public value for the second participant encrypted with the first shared secret key. The first participant sends a third message, the third message including the first authenticator for the first participant, a second hashed authenticator for the first participant, a second authenticator for the second participant and a second master key encrypted with a second shared secret key. The third message also includes a second public value for the first participant. A fourth message is received by the first participant, the fourth message including a second authenticator for the second participant and a second public value for the second participant encrypted with the second shared secret key.

Claims

exact text as granted — not AI-modified
What is claimed is:  
     
       1. A method for a first participant to establish a shared secret with a second participant, said first participant and said second participant sharing a password-based first master key and a hash function, the method for said first participant comprising: 
       sending a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;  
       receiving a second message in response to said sending said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;  
       sending a third message in response to said receiving said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant; and  
       receiving a fourth message in response to said sending said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key.  
     
     
       2. The method of  claim 1 , further comprising: 
       sending a fifth message to said second participant in response to said receiving said fourth message, said fifth message including said second authenticator for said first participant, a third authenticator for said second participant and a hash value of a third authenticator for said first participant encrypted with a third shared secret key, said fifth message including a third public value for said first participant; and  
       receiving a sixth message from said second participant in response to said sending said fifth message, said sixth message including said third authenticator for said second participant and a third public value for said second participant encrypted with said third shared secret key.  
     
     
       3. The method of  claim 2  wherein 
       each of said authenticators is a random number;  
       each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant are created using a cryptographic hash function; and  
       each of said first master key and said second master key are formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.  
     
     
       4. The method of  claim 3  wherein said cryptographic hash function is SHA-1. 
     
     
       5. The method of  claim 2  wherein 
       said first message, said third message and said fifth message include an identifier for said first participant; and  
       said second message, said fourth message and said sixth message include an identifier for said second participant.  
     
     
       6. The method of  claim 5  wherein 
       said identifier for said first participant comprises an IP address; and  
       said identifier for said second participant comprises an IP address.  
     
     
       7. The method of  claim 1  wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters. 
     
     
       8. The method of  claim 1  wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters. 
     
     
       9. The method of  claim 7 , further comprising: 
       authenticating said second message by comparing a stored value of said first authenticator for said second participant with the value of said first authenticator of said second participant in said second message;  
       authenticating said fourth message by comparing a stored value of said second authenticator for said second participant with the value of said second authenticator of said second participant in said fourth message; and  
       authenticating said sixth message by comparing a stored third authenticator for said second participant with the value of said third authenticator of said second participant in said sixth message.  
     
     
       10. The method of  claim 2 , further comprising: 
       decrypting said second message by using said first shared secret key;  
       decrypting said fourth message by using said second shared secret key; and  
       decrypting said sixth message by using said third shared secret key.  
     
     
       11. A method for a first participant to establish a shared secret with a second participant, said first participant and said second participant sharing a password-based first master key and a hash function, the method for said second participant comprising: 
       receiving a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;  
       sending a second message in response to said receiving said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;  
       receiving a third message in response to said sending said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant; and  
       sending a fourth message in response to said receiving said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key.  
     
     
       12. The method of  claim 11 , further comprising: 
       receiving a fifth message from said first participant in response to said sending said fourth message, said fifth message including said second authenticator for said first participant, a third authenticator for said second participant and a hash value of a third authenticator for said first participant encrypted with a third shared secret key, said fifth message including a third public value for said first participant; and  
       sending a sixth message to said first participant in response to said receiving said fifth message, said sixth message including said third authenticator for said second participant and a third public value for said second participant encrypted with said third shared secret key.  
     
     
       13. The method of  claim 12  wherein 
       each of said authenticators is a random number;  
       each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant are created using a cryptographic hash function; and  
       each of said first master key and said second master key are formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.  
     
     
       14. The method of  claim 13  wherein said cryptographic hash function is SHA-1. 
     
     
       15. The method of  claim 12  wherein 
       said first message, said third message and said fifth message include an identifier for said first participant; and  
       said second message, said fourth message and said sixth message include an identifier for said second participant.  
     
     
       16. The method of  claim 15  wherein 
       said identifier for said first participant comprises an IP address; and  
       said identifier for said second participant comprises an IP address.  
     
     
       17. The method of  claim 11  wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters. 
     
     
       18. The method of  claim 11  wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters. 
     
     
       19. The method of  claim 12 , further comprising: 
       decrypting said first message by using said first shared secret key;  
       decrypting said third message by using said second shared secret key; and  
       decrypting said fifth message by using said third shared secret key.  
     
     
       20. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for establishing a shared secret between a first participant and a second participant, the first participant and second participant sharing a password-based first master key and a hash function, the method for said first participant comprising: 
       sending a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;  
       receiving a second message in response to said sending said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;  
       sending a third message in response to said receiving said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant; and  
       receiving a fourth message in response to said sending said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key.  
     
     
       21. The program storage device of  claim 20 , said method further comprising: 
       sending a fifth message to said second participant in response to said receiving said fourth message, said fifth message including said second authenticator for said first participant, a third authenticator for said second participant and a hash value of a third authenticator for said first participant encrypted with a third shared secret key, said fifth message including a third public value for said first participant; and  
       receiving a sixth message from said second participant in response to said sending said fifth message, said sixth message including said third authenticator for said second participant and a third public value for said second participant encrypted with said third shared secret key.  
     
     
       22. The program storage device of  claim 21  wherein 
       each of said authenticators is a random number;  
       each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant are created using a cryptographic hash function; and  
       each of said first master key and said second master key are formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.  
     
     
       23. The program storage device of  claim 22  wherein said cryptographic hash function is SHA-1. 
     
     
       24. The program storage device of  claim 22  wherein 
       said first message, said third message and said fifth message include an identifier for said first participant; and  
       said second message, said fourth message and said sixth message include an identifier for said second participant.  
     
     
       25. The program storage device of  claim 24  wherein 
       said identifier for said first participant comprises an IP address; and  
       said identifier for said second participant comprises an IP address.  
     
     
       26. The program storage device of  claim 20  wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters. 
     
     
       27. The program storage device of  claim 20  wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters. 
     
     
       28. The program storage device of  claim 26 , said method further comprising: 
       authenticating said second message by comparing a stored value of said first authenticator for said second participant with the value of said first authenticator of said second participant in said second message;  
       authenticating said fourth message by comparing a stored value of said second authenticator for said second participant with the value of said second authenticator of said second participant in said fourth message; and  
       authenticating said sixth message by comparing a stored third authenticator for said second participant with the value of said third authenticator of said second participant in said sixth message.  
     
     
       29. The program storage device of  claim 28 , said method further comprising: 
       decrypting said second message by using said first shared secret key;  
       decrypting said fourth message by using said second shared secret key; and  
       decrypting said sixth message by using said third shared secret key.  
     
     
       30. An apparatus for establishing a shared secret between a first participant and a second participant, the first participant and second participant sharing a password-based first master key and a hash function, the apparatus comprising: 
       at least one memory having program instructions; and  
       at least one processor operatively coupled to said first participant and configured to use the program instructions to:  
       send a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;  
       receive a second message in response to said sending said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;  
       send a third message in response to said receiving said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant; and  
       receive a fourth message in response to said sending said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key.  
     
     
       31. The apparatus of  claim 30 , wherein said at least one processor is further configured to use said program instructions to: 
       send a fifth message to said second participant in response to said receiving said fourth message, said fifth message including said second authenticator for said first participant, a third authenticator for said second participant and a hash value of a third authenticator for said first participant encrypted with a third shared secret key, said fifth message including a third public value for said first participant; and  
       receive a sixth message from said second participant in response to said sending said fifth message, said sixth message including said third authenticator for said second participant and a third public value for said second participant encrypted with said third shared secret key.  
     
     
       32. An apparatus for establishing a shared secret between a first participant and a second participant, the first participant and second participant sharing a password-based first master key and a hash function, the apparatus comprising: 
       at least one memory having program instructions; and  
       at least one processor operatively coupled to said second participant and configured to use the program instructions to:  
       receive a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;  
       send a second message in response to said receiving said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;  
       receive a third message in response to said sending said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant; and  
       send a fourth message in response to said receiving said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key.  
     
     
       33. The apparatus of  claim 32 , wherein said at least one processor is further configured to use said program instructions to: 
       receive a fifth message from said first participant in response to said sending said fourth message, said fifth message including said second authenticator for said first participant, a third authenticator for said second participant and a hash value of a third authenticator for said first participant encrypted with a third shared secret key, said fifth message including a third public value for said first participant; and  
       send a sixth message to said first participant in response to said receiving said fifth message, said sixth message including said third authenticator for said second participant and a third public value for said second participant encrypted with said third shared secret key.  
     
     
       34. An apparatus for establishing a shared secret between a first participant and a second participant, the first participant and second participant sharing a password-based first master key and a hash function, the apparatus operatively coupled to said first participant and comprising: 
       means for sending a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;  
       means for receiving a second message in response to said sending said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;  
       means for sending a third message in response to said receiving said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant; and  
       means for receiving a fourth message in response to said sending said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key.  
     
     
       35. The apparatus of  claim 34 , further comprising: 
       means for sending a fifth message to said second participant in response to said receiving said fourth message, said fifth message including said second authenticator for said first participant, a third authenticator for said second participant and a hash value of a third authenticator for said first participant encrypted with a third shared secret key, said fifth message including a third public value for said first participant; and  
       means for receiving a sixth message from said second participant in response to said sending said fifth message, said sixth message including said third authenticator for said second participant and a third public value for said second participant encrypted with said third shared secret key.  
     
     
       36. An apparatus for establishing a shared secret between a first participant and a second participant, the first participant and second participant sharing a password-based first master key and a hash function, the apparatus operatively coupled to said second participant and comprising: 
       means for receiving a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;  
       means for sending a second message in response to said receiving said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;  
       means for receiving a third message in response to said sending said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant; and  
       means for sending a fourth message in response to said receiving said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key.  
     
     
       37. The apparatus of  claim 36 , further comprising: 
       means for receiving a fifth message from said first participant in response to said sending said fourth message, said fifth message including said second authenticator for said first participant, a third authenticator for said second participant and a hash value of a third authenticator for said first participant encrypted with a third shared secret key, said fifth message including a third public value for said first participant; and  
       means for sending a sixth message to said first participant in response to said receiving said fifth message, said sixth message including said third authenticator for said second participant and a third public value for said second participant encrypted with said third shared secret key.  
     
     
       38. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for establishing a shared secret between a first participant and a second participant, the first participant and second participant sharing a password-based first master key and a hash function, the method for said second participant comprising: 
       receiving a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;  
       sending a second message in response to said receiving said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;  
       receiving a third message in response to said sending said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant; and  
       sending a fourth message in response to said receiving said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key.  
     
     
       39. The program storage device of  claim 38 , said method further comprising: 
       receiving a fifth message from said first participant in response to said sending said fourth message, said fifth message including said second authenticator for said first participant, a third authenticator for said second participant and a hash value of a third authenticator for said first participant encrypted with a third shared secret key, said fifth message including a third public value for said first participant; and  
       sending a sixth message to said first participant in response to said receiving said fifth message, said sixth message including said third authenticator for said second participant and a third public value for said second participant encrypted with said third shared secret key.  
     
     
       40. The program storage device of  claim 39  wherein 
       each of said authenticators is a random number;  
       each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant are created using a cryptographic hash function; and  
       each of said first master key and said second master key are formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.  
     
     
       41. The program storage device of  claim 40  wherein said cryptographic hash function is SHA-1. 
     
     
       42. The program storage device of  claim 39  wherein 
       said first message, said third message and said fifth message include an identifier for said first participant; and  
       said second message, said fourth message and said sixth message include an identifier for said second participant.  
     
     
       43. The program storage device of  claim 42  wherein 
       said identifier for said first participant comprises an IP address; and  
       said identifier for said second participant comprises an IP address.  
     
     
       44. The program storage device of  claim 38  wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters. 
     
     
       45. The program storage device of  claim 38  wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters. 
     
     
       46. The program storage device of  claim 39 , said program storage device further comprising: 
       decrypting said first message by using said first shared secret key;  
       decrypting said third message by using said second shared secret key; and  
       decrypting said fifth message by using said third shared secret key.  
     
     
       47. The apparatus of  claim 31  wherein 
       each of said authenticators is a random number;  
       each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant are created using a cryptographic hash function; and  
       each of said first master key and said second master key are formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.  
     
     
       48. The apparatus of  claim 47  wherein said cryptographic hash function is SHA-1. 
     
     
       49. The apparatus of  claim 31  wherein 
       said first message, said third message and said fifth message include an identifier for said first participant; and  
       said second message, said fourth message and said sixth message include an identifier for said second participant.  
     
     
       50. The apparatus of  claim 49  wherein 
       said identifier for said first participant comprises an IP address; and  
       said identifier for said second participant comprises an IP address.  
     
     
       51. The apparatus of  claim 30  wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters. 
     
     
       52. The apparatus of  claim 30  wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters. 
     
     
       53. The apparatus of  claim 31  wherein said apparatus is further configured to: 
       authenticate said second message by comparing a stored value of said first authenticator for said second participant with the value of said first authenticator of said second participant in said second message;  
       authenticate said fourth message by comparing a stored value of said second authenticator for said second participant with the value of said second authenticator of said second participant in said fourth message; and  
       authenticate said sixth message by comparing a stored third authenticator for said second participant with the value of said third authenticator of said second participant in said sixth message.  
     
     
       54. The apparatus of  claim 31  wherein said apparatus is further configured to: 
       decrypting said second message by using said first shared secret key;  
       decrypting said fourth message by using said second shared secret key; and  
       decrypting said sixth message by using said third shared secret key.  
     
     
       55. The apparatus of  claim 33  wherein 
       each of said authenticators is a random number;  
       each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant are created using a cryptographic hash function; and  
       each of said first master key and said second master key are formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.  
     
     
       56. The apparatus of  claim 55  wherein said cryptographic hash function is SHA-1. 
     
     
       57. The apparatus of  claim 33  wherein 
       said first message, said third message and said fifth message include an identifier for said first participant; and  
       said second message, said fourth message and said sixth message include an identifier for said second participant.  
     
     
       58. The apparatus of  claim 57  wherein 
       said identifier for said first participant comprises an IP address; and  
       said identifier for said second participant comprises an IP address.  
     
     
       59. The apparatus of  claim 32  wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters. 
     
     
       60. The apparatus of  claim 32  wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters. 
     
     
       61. The apparatus of  claim 33  wherein said apparatus is further configured to: 
       decrypting said first message by using said first shared secret key;  
       decrypting said third message by using said second shared secret key; and  
       decrypting said fifth message by using said third shared secret key.  
     
     
       62. The apparatus of  claim 35  wherein 
       each of said authenticators is a random number;  
       each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant are created using a cryptographic hash function; and  
       each of said first master key and said second master key are formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.  
     
     
       63. The apparatus of  claim 62  wherein said cryptographic hash function is SHA-1. 
     
     
       64. The apparatus of  claim 35  wherein 
       said first message, said third message and said fifth message include an identifier for said first participant; and  
       said second message, said fourth message and said sixth message include an identifier for said second participant.  
     
     
       65. The apparatus of  claim 64  wherein 
       said identifier for said first participant comprises an IP address; and  
       said identifier for said second participant comprises an IP address.  
     
     
       66. The apparatus of  claim 34  wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters. 
     
     
       67. The apparatus of  claim 34  wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters. 
     
     
       68. The apparatus of  claim 35 , further comprising: 
       means for authenticate said second message by comparing a stored value of said first authenticator for said second participant with the value of said first authenticator of said second participant in said second message;  
       means for authenticate said fourth message by comparing a stored value of said second authenticator for said second participant with the value of said second authenticator of said second participant in said fourth message; and  
       means for authenticate said sixth message by comparing a stored third authenticator for said second participant with the value of said third authenticator of said second participant in said sixth message.  
     
     
       69. The apparatus of  claim 35 , further comprising: 
       means for decrypting said second message by using said first shared secret key;  
       means for decrypting said fourth message by using said second shared secret key; and  
       means for decrypting said sixth message by using said third shared secret key.  
     
     
       70. The apparatus of  claim 37  wherein 
       each of said authenticators is a random number;  
       each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third said authenticator for said first participant are created using a cryptographic hash function; and  
       each of said first master key and said second master key are formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.  
     
     
       71. The apparatus of  claim 70  wherein said cryptographic hash function is SHA-1. 
     
     
       72. The apparatus of  claim 37  wherein 
       said first message, said third message and said fifth message include an identifier for said first participant; and  
       said second message, said fourth message and said sixth message include an identifier for said second participant.  
     
     
       73. The apparatus of  claim 72  wherein 
       said identifier for said first participant comprises an IP address; and  
       said identifier for said second participant comprises an IP address.  
     
     
       74. The apparatus of  claim 36  wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters. 
     
     
       75. The apparatus of  claim 36  wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters. 
     
     
       76. The apparatus of  claim 37 , further comprising: 
       means for decrypting said first message by using said first shared secret key;  
       means for decrypting said third message by using said second shared secret key; and  
       means for decrypting said fifth message by using said third shared secret key.  
     
     
       77. A method for a first participant to establish a shared secret with a second participant, said first participant and said second participant sharing a password-based first master key and a hash function, the method for said first participant comprising: 
       sending a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;  
       receiving a second message in response to said sending said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;  
       sending a third message in response to said receiving said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant;  
       receiving a fourth message in response to said sending said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key;  
       sending a fifth message to said second participant in response to said receiving said fourth message, said fifth message including said second authenticator for said first participant, a third authenticator for said second participant and a hash value of a third authenticator for said first participant encrypted with a third shared secret key, said fifth message including a third public value for said first participant; and  
       receiving a sixth message from said second participant in response to said sending said fifth message, said sixth message including said third authenticator for said second participant and a third public value for said second participant encrypted with said third shared secret key, each of said authenticators comprising a random number, each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant created using a cryptographic hash function, each of said first master key and said second master key formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.  
     
     
       78. The method of  claim 77  wherein said cryptographic hash function is SHA-1. 
     
     
       79. The method of  claim 77  wherein 
       said first message, said third message and said fifth message include an identifier for said first participant; and  
       said second message, said fourth message and said sixth message include an identifier for said second participant.  
     
     
       80. The method of  claim 79  wherein 
       said identifier for said first participant comprises an IP address; and  
       said identifier for said second participant comprises an IP address.  
     
     
       81. The method of  claim 77  wherein 
       said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters; and  
       said method further comprises:  
       authenticating said second message by comparing a stored value of said first authenticator for said second participant with the value of said first authenticator of said second participant in said second message;  
       authenticating said fourth message by comparing a stored value of said second authenticator for said second participant with the value of said second authenticator of said second participant in said fourth message; and  
       authenticating said sixth message by comparing a stored third authenticator for said second participant with the value of said third authenticator of said second participant in said sixth message.  
     
     
       82. A method for a first participant to establish a shared secret with a second participant, said first participant and said second participant sharing a password-based first master key and a hash function, the method for said second participant comprising: 
       receiving a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;  
       sending a second message in response to said receiving said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;  
       receiving a third message in response to said sending said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant;  
       sending a fourth message in response to said receiving said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key;  
       receiving a fifth message from said first participant in response to said sending said fourth message, said fifth message including said second authenticator for said first participant, a third authenticator for said second participant and a hash value of a third authenticator for said first participant encrypted with a third shared secret key, said fifth message including a third public value for said first participant; and  
       sending a sixth message to said first participant in response to said receiving said fifth message, said sixth message including said third authenticator for said second participant and a third public value for said second participant encrypted with said third shared secret key, each of said authenticators comprising a random number, each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant created using a cryptographic hash function, each of said first master key and said second master key formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.  
     
     
       83. The method of  claim 82  wherein said cryptographic hash function is SHA-1. 
     
     
       84. The method of  claim 82  wherein 
       said first message, said third message and said fifth message include an identifier for said first participant; and  
       said second message, said fourth message and said sixth message include an identifier for said second participant.  
     
     
       85. The method of  claim 84  wherein 
       said identifier for said first participant comprises an IP address; and  
       said identifier for said second participant comprises an IP address.  
     
     
       86. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for establishing a shared secret between a first participant and a second participant, the first participant and second participant sharing a password-based first master key and a hash function, the method for said first participant comprising: 
       sending a first message including a private value for said second participant and a first authenticator for said second participant encrypted with said first master key, said first message including a hash value of a first authenticator for said first participant encrypted with a first shared secret key, said first message including a first public value for said first participant;  
       receiving a second message in response to said sending said first message, said second message including said first authenticator for said second participant and a first public value for said second participant encrypted with said first shared secret key;  
       sending a third message in response to said receiving said second message, said third message including said first authenticator for said first participant, a hash value of a second authenticator for said first participant, a second authenticator for said second participant and a second master key encrypted with a second shared secret key, said third message including a second public value for said first participant;  
       receiving a fourth message in response to said sending said third message, said fourth message including a second authenticator for said second participant and a second public value for said second participant encrypted with said second shared secret key;  
       sending a fifth message to said second participant in response to said receiving said fourth message, said fifth message including said second authenticator for said first participant, a third authenticator for said second participant and a hash value of a third authenticator for said first participant encrypted with a third shared secret key, said fifth message including a third public value for said first participant; and  
       receiving a sixth message from said second participant in response to said sending said fifth message, said sixth message including said third authenticator for said second participant and a third public value for said second participant encrypted with said third shared secret key, each of said authenticators comprising a random number, each of said hash value of said first authenticator for said first participant, said hash value of said second authenticator for said first participant, and said hash value of said third authenticator for said first participant are created using a cryptographic hash function, each of said first master key and said second master key formed by encrypting at least part of a user password to obtain an encrypted password and inputting said encrypted password into said cryptographic hash function.  
     
     
       87. The program storage device of  claim 86  wherein said cryptographic hash function is SHA-1. 
     
     
       88. The program storage device of  claim 86  wherein 
       said first message, said third message and said fifth message include an identifier for said first participant; and  
       said second message, said fourth message and said sixth message include an identifier for said second participant.  
     
     
       89. The program storage device of  claim 88  wherein 
       said identifier for said first participant comprises an IP address; and  
       said identifier for said second participant comprises an IP address.  
     
     
       90. The program storage device of  claim 86  wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman ephemeral parameters. 
     
     
       91. The program storage device of  claim 86  wherein said first public value for said first participant, said second public value for said first participant, said first public value for said second participant, said second public value for said second participant, and said private value for said second participant are Diffie-Hellman elliptic curve parameters. 
     
     
       92. The program storage device of  claim 90 , said method further comprising: 
       authenticating said second message by comparing a stored value of said first authenticator for said second participant with the value of said first authenticator of said second participant in said second message;  
       authenticating said fourth message by comparing a stored value of said second authenticator for said second participant with the value of said second authenticator of said second participant in said fourth message; and  
       authenticating said sixth message by comparing a stored third authenticator for said second participant with the value of said third authenticator of said second participant in said sixth message.  
     
     
       93. The program storage device of  claim 91 , said method further comprising: 
       decrypting said second message by using said first shared secret key;  
       decrypting said fourth message by using said second shared secret key; and  
       decrypting said sixth message by using said third shared secret key.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.